/var/log/filter.log format? way to convert to NCSA (CLF) format?
-
What format is the /var/log/filter.log stored in? Is anyone aware of any command line tool that may be available to convert the filter.log to the NCSA (CLF) format?
thanks in advance,
-m -
It appears pfSense 2 includes a filterparser, but it doesn't appear to output in NCSA format?
/usr/sbin/clog -f /var/log/filter.log | /usr/local/bin/filterparser.php
I also found this:
http://splunk-base.splunk.com/answers/25292/parsing-pfsense-logs-part-2
but again no mention of NCSA format? Any help anyone could provide would be most appreciated!
-
NCSA/CLF is a web server access log format, not a firewall log format.
I suppose someone could, using filterparser.php as a guide, make it output in some other format, but that still wouldn't help change a firewall log to a web server log format, the two aren't compatible/equivalent in that way.
What is it you're trying to use to parse the firewall log that wants it in that format?
-
Logstalgia… Thought it would be cool to use "apache pong" for "pf pong"...
-
That can't work for firewall logs. It's meant for web access logs, not firewall/filter logs.
-
Could you point me at a reference for reading the log format?
If not, could you possibly break down this example packet for me?
pf: 00:00:00.306610 rule 1/0(match): block in on msk1: (tos 0x20, ttl 40, id 33721, offset 0, flags [none], proto UDP (17), length 58)
-
They are standard pf logs, so OpenBSD may have some documentation.
Or: Use the source - https://github.com/pfsense/pfsense/blob/master/etc/inc/filter_log.inc#L136
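To make the reply above concrete, here is an added example (not from the thread, not pfSense's filterparser.php) that splits the tcpdump-style pf line quoted earlier into named fields and then does the kind of summary a firewall log actually supports, a per-interface count of blocked packets. It assumes only the textual form shown in the thread; the line is a constructed copy of the one posted, which is cut off after the IP header summary, so anything after it is kept as `rest`.

```python
import re
from typing import Optional

# Constructed sample: the pf line quoted in the thread (truncated after the IP header part).
SAMPLE = ("pf: 00:00:00.306610 rule 1/0(match): block in on msk1: "
          "(tos 0x20, ttl 40, id 33721, offset 0, flags [none], proto UDP (17), length 58)")

# Pattern for the tcpdump-style pf log text shown in the thread. Assumption: this format only;
# other pfSense releases write a comma-separated filter.log that this pattern does not cover.
PF_RE = re.compile(
    r"^pf: (?P<elapsed>\d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[^)]*)\): "
    r"(?P<action>pass|block|match|nat|rdr|binat|scrub) "
    r"(?P<direction>in|out) on (?P<iface>\S+): "
    r"\(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<ipid>\d+), "
    r"offset (?P<offset>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto (?P<proto>\w+) \((?P<proto_num>\d+)\), length (?P<length>\d+)\)"
    r"(?P<rest>.*)$"
)


def parse_pf_line(line: str) -> Optional[dict]:
    """Return the fields of one pf log line as a dict, or None if the line does not match."""
    m = PF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "subrule", "ttl", "ipid", "offset", "proto_num", "length"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)      # ToS byte is logged in hex
    rec["rest"] = rec["rest"].strip()     # addresses/ports when the line is complete
    return rec


def blocked_by_interface(lines) -> dict:
    """Count 'block' entries per interface; unparseable lines are skipped."""
    counts: dict = {}
    for line in lines:
        rec = parse_pf_line(line)
        if rec and rec["action"] == "block":
            counts[rec["iface"]] = counts.get(rec["iface"], 0) + 1
    return counts


if __name__ == "__main__":
    print(parse_pf_line(SAMPLE))
    print(blocked_by_interface([SAMPLE, "not a pf line"]))
```

Note that none of these fields (rule, action, interface, ToS, TTL, protocol) has a counterpart in the request line, status code or response size that a CLF consumer such as Logstalgia expects, which is the mismatch the reply points out.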